HardenedBSD/etc/pam.conf

28 lines
1.0 KiB
Plaintext
Raw Normal View History

# Configuration file for Pluggable Authentication Modules (PAM).
#
# This file controls the authentication methods that login and other
# utilities use. See pam(8) for a description of its format.
#
# Note: the final entry must say "required" -- otherwise, things don't
# work quite right. If you delete the final entry, be sure to change
# "sufficient" to "required" in the entry before it.
#
# $FreeBSD$
# If the user can authenticate with S/Key, that's sufficient.
login auth sufficient pam_skey.so
# Check skey.access to make sure it is OK to let the user type in
# a cleartext password. If not, then fail right here.
login auth requisite pam_cleartext_pass_ok.so
# If you want KerberosIV authentication, uncomment the next line:
#login auth sufficient pam_kerberosIV.so try_first_pass
# Traditional getpwnam() authentication.
login auth required pam_unix.so try_first_pass
# If we don't match anything else, default to using getpwnam().
other auth required pam_unix.so try_first_pass
other account required pam_unix.so try_first_pass